Total: 9311 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2022-40300 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2022-09-20 | N/A | 9.8 CRITICAL | Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities. |
CVE-2022-26959 | 1 Globalnorthstar | 1 Northstar Club Management | 2022-09-19 | N/A | 9.8 CRITICAL | There are two full (read/write) blind/time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application. The vulnerabilities exist in the userName parameter of the processlogin.jsp page in the /northstar/Portal/ directory and the userID parameter of the login.jsp page in the /northstar/iphone/ directory. Exploitation of the SQL injection vulnerabilities allows full access to the database, which contains critical data for organizations that make full use of the software suite. |
CVE-2022-37201 | 1 Jflyfox | 1 Jfinal Cms | 2022-09-19 | N/A | 8.8 HIGH | JFinal CMS 5.1.0 is vulnerable to SQL injection. |
CVE-2022-35947 | 1 Glpi-project | 1 Glpi | 2022-09-19 | N/A | 9.8 CRITICAL | GLPI stands for Gestionnaire Libre de Parc Informatique and is a free asset and IT management software package that provides ITIL service desk features, license tracking and software auditing. Affected versions have been found to be vulnerable to a SQL injection attack which an attacker could leverage to simulate an arbitrary user login. Users are advised to upgrade to version 10.0.3. Users unable to upgrade should disable the `Enable login with external token` API configuration. |
CVE-2022-35946 | 1 Glpi-project | 1 Glpi | 2022-09-19 | N/A | 6.5 MEDIUM | GLPI stands for Gestionnaire Libre de Parc Informatique and is a free asset and IT management software package that provides ITIL service desk features, license tracking and software auditing. In affected versions, request input is not properly validated in the plugin controller and can be used to access the low-level API of the Plugin class. An attacker can, for instance, alter database data. The attacker must have "General setup" update rights to be able to perform this attack. Users are advised to upgrade to version 10.0.3. Users unable to upgrade should remove the `front/plugin.form.php` script. |
CVE-2022-37207 | 1 Jflyfox | 1 Jfinal Cms | 2022-09-18 | N/A | 8.8 HIGH | JFinal CMS 5.1.0 is affected by SQL injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. |
CVE-2022-38878 | 1 School Activity Updates With Sms Notification Project | 1 School Activity Updates With Sms Notification | 2022-09-16 | N/A | 7.2 HIGH | School Activity Updates with SMS Notification v1.0 is vulnerable to SQL injection via /activity/admin/modules/event/index.php?view=edit&id=. |
CVE-2022-35193 | 1 Testlink | 1 Testlink | 2022-09-16 | N/A | 7.2 HIGH | TestLink v1.9.20 was discovered to contain a SQL injection vulnerability via /lib/execute/execNavigator.php. |
CVE-2022-38808 | 1 Yimihome | 1 Ywoa | 2022-09-16 | N/A | 8.8 HIGH | ywoa v6.1 is vulnerable to SQL injection via the backend/oa/visual/exportExcel.do interface. |
CVE-2022-38832 | 1 School Activity Updates With Sms Notification Project | 1 School Activity Updates With Sms Notification | 2022-09-16 | N/A | 7.2 HIGH | School Activity Updates with SMS Notification v1.0 is vulnerable to SQL injection via /activity/admin/modules/department/index.php?view=edit&id=. |
CVE-2022-38833 | 1 School Activity Updates With Sms Notification Project | 1 School Activity Updates With Sms Notification | 2022-09-16 | N/A | 7.2 HIGH | School Activity Updates with SMS Notification v1.0 is vulnerable to SQL injection via /activity/admin/modules/modstudent/index.php?view=view&id=. |
CVE-2022-38771 | 1 Transtek | 1 Mojodat Fixed Asset Management | 2022-09-16 | N/A | 9.8 CRITICAL | The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request. |
CVE-2022-38595 | 1 Church Management System Project | 1 Church Management System | 2022-09-16 | N/A | 7.2 HIGH | Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_user.php. |
CVE-2022-38594 | 1 Church Management System Project | 1 Church Management System | 2022-09-16 | N/A | 7.2 HIGH | Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_visitor.php. |
CVE-2022-36669 | 1 Hospital Information System Project | 1 Hospital Information System | 2022-09-15 | N/A | 9.8 CRITICAL | Hospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. |
CVE-2022-37138 | 1 Loan Management System Project | 1 Loan Management System | 2022-09-15 | N/A | 9.8 CRITICAL | Loan Management System 1.0 is vulnerable to SQL injection at the login page, which allows unauthorized users to log in as Administrator after injecting into the username form field. |
CVE-2022-38637 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-09-15 | N/A | 9.8 CRITICAL | Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page. |
CVE-2022-38616 | 1 Bpcbt | 1 Smartvista Front-end | 2022-09-15 | N/A | 8.8 HIGH | SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /feegroups/tgrt_group.jsf. |
CVE-2022-34700 | 1 Microsoft | 1 Dynamics 365 | 2022-09-15 | N/A | 8.8 HIGH | Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35805. |
CVE-2021-44835 | 1 Aivhub | 1 Active Intelligence Visualization | 2022-09-15 | N/A | 9.8 CRITICAL | An issue was discovered in Active Intelligent Visualization 5. The Vdc header is used in a SQL query without being sanitized. This causes SQL injection. |